proxmox smoothwall 2 nic

[michaelvv]

Hi proxmox....

I would like to make this setup , but how to do it.

Inet - eth1 - smoothwall in KVM ISO - eth0 -proxmox...

Router ADSL - eth1 - eth0
10.0.0.1 - 10.0.0.41 - 192.168.1.90

How should I configure /etc/network/interfaces , now i have

auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
address 192.168.1.90
netmask 255.255.255.0
gateway 192.168.1.41
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
bridge_ports eth1
bridge_stp off
bridge_fd 0

My old hardware router ALIX has ip 192.168.1.41 therefore the gateway in
wmbr0 is set to it.

I have set up smoothwall with the two Interfaces vmbr0 , vmbr1 which seems to
work but from the smoothwall i cannot ping the router 10.0.0.1....

Hope someone has tried this configuration or a simulary....

Thanks for a great product...

/Michael

 

[BitRausch]

Hi michael,

Even so I have not tested smoothwall but maybe this will help you.
I tested a couple of firewalls (astaro, endian, ipcop, untangle, clarkconnect, ISA Server 2006) within pve 1.3 as KVM VM's. Beside of untangle all worked without a problem.
(Sidenote: Untangle brought the whole pve server down ) Might be a configuration problem but I could not figure it out. I believe it's related to the way Untangle use the default setup as Bridge Mode. This results in messing up the network setup which makes pve to go into a indefinit loop and I had to power off the server. Did not investigate further so.)

I'am also using 2 NIC's. But I use the sencond nic as a different subnet. (take a look here). When I setup the firewall I use the first NIC as WAN (or RED) and the second nic as Internal (or Green). I setup the client to use the internal Firewall IP to go through. In terms of pve it means:
WAN = vmbr0
Lan = vmbr1
Put clients on vmbr1 with a fix address from the subnet.

Hope this will help you.

Kind regards
B.

 

[kumarullal]

Hi BitRausch,
How to configure an Ipcop KVM with 2 Nics on Proxmox?
Here is what I have.
wan IP 68.183.145.67 ---->Linksys Router (Wan Port)
Lan IP 192.168.1.1 ------> Linksys Router (Lan Port)
Proxmox IP 192.168.1.30 9 (eth0) (vmbr0?)
What should I configure eth1 (vmbr1?) Ip for Proxmox?
The KVM for IPcop, the RED (or Wan) IP ?
the GREEN (or Lan) IP?
Finally where should I have all my desktop pointing to for gateway?
Many Thanks in advance
Kumar

 

[BitRausch]

Hi Kumarullal,

I only tested IPcop for a very short period of time a while a go. Currently I am using ASTARO as a firewall. I find it much easier to configure and to handle. But maybe I can help...

Here is my setup:
(note: I am using bonding)

interfaces (pve):

iface vmbr0 inet static
address 192.168.178.22
netmask 255.255.255.0
gateway 192.168.178.1
bridge_ports bond0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.16.1
netmask 255.255.255.0
bridge_ports eth0
bridge_stp off
bridge_fd 0

ASTARO
Extern 192.168.178.234 -> WAN (IP address from router)
Gateway 192.168.16.1 -> Subnet

Intern 192.168.16.11 -> LAN Subnet


Client configuration:
IP 192.168.16.50
Gateway 192.168.16.11
DNS: 192.168.16.11

and I have setup a static route to 192.168.16.1 on my router. (not sure if you can do that on Linksys)

With this setup I have multiple clients/server running on 192.168.16.x subnet and I can still access the the server from the 192.168.178.x segment.

I am no expert in this but it worked for me after a couple of trial and error attempts. Not sure if there is a better or other way to do this...

Kind regards
BitRausch

 

[kumarullal]

Hi BitRausch
Thanks for your prompt response.
Can you clarify a couple of things.
Assuming Your WAN IP is 68.12.13.15 ---> connected to WAN port of your physical router. Assuming you are now left with a DMZ port and a LAN port on your Router. So in your Router setup should look something like this:
LAN IP : 192.168.1.1
WAN1 IP : 68.12.13.14
DNS1 : 66.51.205.100 | DNS2 66.51.206.100

So in your example the LAN IP on the router is set to 192.168.178.22 OR
192.168.16.1, (Since your Sub-net for users is 192.168.16.0)

 

[BitRausch]

Hi Kumar,

not sure if I understand you correctly...lets see:

PVE server:
NIC1=vmbr0=192.168.178.22
NIC2=vmbr1=192.168.16.1

So all my traffic for my subnet goes through NIC2. Thats why the IP address of NIC2 is used as the gateway address for the external connection of the firewall. My router provide the address range of 192.168.178.x so the firewall external (RED) is an address from that range (192.168.178.234 and Gateway= 192.168.16.1). The internal LAN (GREEN) off the firewall is an address of 192.168.16.11 where all clients connect to.
Since I do not use DMZ I am not sure how this is to be configured.

But I will try and setup an IPCop version just to check it out...

kind regards
BitRausch

PS. My router IP is 192.168.178.1

 

[kumarullal]

Thanks BitRausch,
Now I understand. This brings about another question. How would VPN work.
I am using your example in my scenario.
Linksys WAN port (68.12.12.12) WAN IP (Given by ISP.
Linksys LAN port (192.168.178.x)----> catering to 192.168.178.0 subnet.
Proxmox NIC1 (192.168.178.x)
Proxmox NIC2 (192.168.16.x) -------> catering to 192.168.16.0 subnet.
Am I correct so far?
ok. Now I use Linksys VPN tunnel with another Linksys Router (Using Ipsec, md5 and 3des). Therefore My local subnet will be (From the linksys perspective) 192.168.178.0.
The router at other end will also use 192.168.178.0 as the remote subnet for VPN tunnel. Which mean the devices at the other end will be ab le to access 192.168.178.0 subnet. How can they access 192.168.16.0 subnet, which is what anyone should want.

 

[BitRausch]

Hi Kumar,

I do not use VPN. But if you need to access you clients/computers on the 192.168.16.x subnet you need to set a static route.
I can do that on my router but I am not sure if you can do that on your linksys router.
For example:
I set a static route from 192.168.178.x to 192.168.16.1. Now I can access my X.X.16.X subnet from any computer in the 192.168.178.x subnet. This should also work with VPN I imagine.

kind regards
BitRausch